
Proxy Server Solutions

Hello Dave.

Yeah I honestly do not believe I could TRUST a proxy service with any of my personal data, e.g. bank passwords. Esp. after researching since the start of my post. Great information btw! Thanks!
 
Hmm, on Linux I'd check logs many times while working: secure log for one and other httpd logs and others - which I'm familiar with. BUT are you saying there's a way to view my ISP's modem data in my house???!!! How cool can that be!
 
Many modems are Linux-based and host both telnet and http services. Here's a clip of my modem's (Technicolor C2000T) system log:

Code:
DATE        TIME         SYSTEM                   ACTION
04/20/2016  01:20:42 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55257 
04/20/2016  01:20:41 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55256 
04/20/2016  01:20:40 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55255 
04/20/2016  01:20:40 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55254 
04/20/2016  01:20:39 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55253 
04/20/2016  01:20:38 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55251 
04/20/2016  01:20:10 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55257 
04/20/2016  01:20:09 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55256 
04/20/2016  01:20:08 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55255 
04/20/2016  01:20:08 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55254 
04/20/2016  01:20:07 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55253 
04/20/2016  01:20:06 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55251 
04/20/2016  01:19:02 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=195.216.176.244 DST=71.210.0.224 PROTO=TCP SPT=43185 DPT=3391 
04/20/2016  01:18:22 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=117.4.240.22 DST=71.210.0.224 PROTO=TCP SPT=59376 DPT=22 
04/20/2016  01:15:37 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52099 
04/20/2016  01:15:37 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52098 
04/20/2016  01:15:36 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52097 
04/20/2016  01:15:36 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52096 
04/20/2016  01:15:22 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=184.105.247.234 DST=71.210.0.224 PROTO=UDP SPT=57575 DPT=623 
04/20/2016  01:15:05 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52099 
04/20/2016  01:15:05 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52098 
04/20/2016  01:15:04 AM  Firewall                 Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52097
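
A triage pass over the kind of log posted above, as an added example that is not part of the original post or the modem's own tooling: it groups hits by source and separates reply-like traffic (a low service source port such as 110, the POP3 port, arriving at a high ephemeral destination port) from inbound probes aimed at service ports. The function names and the `ephemeral_floor` of 32768 are assumptions; the sample lines are copied from the log with column padding collapsed.

```python
import re
from collections import defaultdict

# Lines copied from the modem log above (column padding collapsed).
SAMPLE = """\
04/20/2016  01:20:42 AM  Firewall  Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55257
04/20/2016  01:20:10 AM  Firewall  Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=55257
04/20/2016  01:19:02 AM  Firewall  Intrusion -> IN=ppp0.1 OUT= SRC=195.216.176.244 DST=71.210.0.224 PROTO=TCP SPT=43185 DPT=3391
04/20/2016  01:18:22 AM  Firewall  Intrusion -> IN=ppp0.1 OUT= SRC=117.4.240.22 DST=71.210.0.224 PROTO=TCP SPT=59376 DPT=22
04/20/2016  01:15:22 AM  Firewall  Intrusion -> IN=ppp0.1 OUT= SRC=184.105.247.234 DST=71.210.0.224 PROTO=UDP SPT=57575 DPT=623
04/20/2016  01:15:37 AM  Firewall  Intrusion -> IN=ppp0.1 OUT= SRC=72.167.218.192 DST=71.210.0.224 PROTO=TCP SPT=110 DPT=52099
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; OUT= may be empty

def parse(line):
    """Return the fields of one 'Intrusion' line as a dict, or None."""
    if "Intrusion ->" not in line:
        return None
    f = dict(FIELD.findall(line))
    if not (f.get("SRC") and f.get("SPT", "").isdigit()
            and f.get("DPT", "").isdigit()):
        return None  # truncated or malformed entry
    f["SPT"], f["DPT"] = int(f["SPT"]), int(f["DPT"])
    return f

def triage(text, ephemeral_floor=32768):
    """Group hits by source IP and label each source.
    Heuristic (assumption): a source seen only with service source ports
    (<1024) against high destination ports looks like late replies to
    connections this side opened; anything else is an inbound probe.
    """
    seen = defaultdict(lambda: {"hits": 0, "sports": set(), "dports": set()})
    for line in text.splitlines():
        f = parse(line)
        if f is None:
            continue  # header row, blank line, or another log source
        s = seen[f["SRC"]]
        s["hits"] += 1
        s["sports"].add(f["SPT"])
        s["dports"].add(f["DPT"])
    report = {}
    for src, s in seen.items():
        reply_like = (max(s["sports"]) < 1024
                      and min(s["dports"]) >= ephemeral_floor)
        report[src] = {"hits": s["hits"], "dports": sorted(s["dports"]),
                       "kind": "reply-like" if reply_like else "probe"}
    return report
```

Calling `triage()` on the full system log text gives one entry per source, so the repeated port-110 lines collapse into a single reply-like source and the few probe sources stand out.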
 
How do people manage networking where isolation from the Internet is an issue (security concerns), but who do need interconnectivity with other machines? I have a couple of customers who, for various reasons, want assurances that their data will never be seen on the Internet.

To date, I've been sneakernet-ing data between the unconnected systems via USB flash drive. This makes the customers happy, but is an annoyance.
Yep. A customer of mine has an isolated network for the operational systems. These machines don't have USB (well, they have, but not for mass storage), so updates are done by USB flash drive inserted in a dedicated computer on that network which is there for that purpose only, and then copied over to the target machines. It's a little bit of bother (mostly because the dedicated computer is in a completely different area, on a different floor, inside a low cabinet behind a desk), but I approve - their systems have never had to suffer any kind of security issues. The weak point would be that in-between box with USB, but as it's a dedicated box it can be set up so that most threats-via-USB are avoided.

As for network attacks, many many years ago when we set up one of our dedicated C blocks (we still keep two!) for the first time (it had *never* been exposed to the internet before) it took about 20 seconds before the attackers started to hammer the firewall. I was monitoring it at the time and was frankly quite surprised.

On my Linode I have firewalled off most of two of the biggest countries known for attacks, and countless other smaller ones. I set it up to just drop the packets, no reject. Let them hang waiting for timeout. In addition the firewall automatically blocks and logs repeated connections that are not explicitly approved (as I only use that box for my own setup, not as a service for anything for anybody else), and I see plenty of attacks. Thousands a day, even with the majority of source IPs blocked off already.
 